summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2015-01-06 21:29:28 +0100
committerRich Salz <rsalz@openssl.org>2015-01-06 21:29:28 +0100
commit77ff1f3b8bfaa348956c5096a2b829f2e767b4f1 (patch)
tree0949505186dda05681fd72f4e79462c478470a46
parentSome cleanup of L<> markup in pod files (diff)
downloadopenssl-77ff1f3b8bfaa348956c5096a2b829f2e767b4f1.tar.xz
openssl-77ff1f3b8bfaa348956c5096a2b829f2e767b4f1.zip
RT3662: Allow leading . in nameConstraints
Change by SteveH from original by John Denker (in the RT) Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r--crypto/x509v3/v3_ncons.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 06520fee41..25c1855149 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -405,7 +405,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
if (dns->length > base->length)
{
dnsptr += dns->length - base->length;
- if (dnsptr[-1] != '.')
+ if (*baseptr != '.' && dnsptr[-1] != '.')
return X509_V_ERR_PERMITTED_VIOLATION;
}